[cod] Query limiting...
Marco Padovan
evcz at evcz.tk
Tue Oct 25 06:47:35 EDT 2011
I can confirm that since the day before yesterday I started to receive
alerts from the firewall about cod2 attacks too.
In the past (up to 3months ago) enemy territory was another heavily
targeted game.
Il 25/10/2011 12:43, Luca Farflame Fabbro ha scritto:
> Hi Ryan
> in one of your previous messages you mentioned that this patch can be "ported" also to the other COD servers. Is there any plan to do this?
> Now it seems that even if the server are less in number they target the COD2 servers to do the DDOS attacks. Don't have any COD server running so I don't know if also those are used as reflectors.
>
> Just one simple question regarding the patch fort the COD4 server.
> If you leave the server up'n running for a certain period of time (no restart for 3 weeks let's say) it seems that when the
> sv_queryIgnoreMegs
> limit is reached (our servers don't have a lot of players) the server starts to reply to the query with the spoofed IP's. A restart of the server solves the problem.
> I know that it will be better to restart the server before that time but would it be a possible solution to flush the stored bad IP's and restart the check on the new incoming packets when the predefined memory is full or just before this happens (% or minimum sv-ignore free memory)? Usually the attackers use the server as a reflector only for a certain amount of time (form 1 hour or less to a maximum of 2 - 3 days) then a lot of time will pass before having the same IP used as destination of the DDOS attack.
>
> Regards
> Luca
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/cod/attachments/20111025/dfb65844/attachment.htm>
More information about the cod
mailing list